https://github.com/guibranco/github-infisical-secrets-check-action
🚨 :octocat: A GitHub action to check and report secrets leaks in the repository using Infisical CLI
gh-actions github-actions hacktoberfest hacktoberfest2024 infisical secrets security security-analysis validation
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/guibranco/github-infisical-secrets-check-action
- Owner: guibranco
- License: mit
- Created: 2024-09-14T15:47:50.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-12-09T06:24:09.000Z (10 months ago)
- Last Synced: 2024-12-09T07:26:00.163Z (10 months ago)
- Topics: gh-actions, github-actions, hacktoberfest, hacktoberfest2024, infisical, secrets, security, security-analysis, validation
- Homepage: https://guibranco.github.io/github-infisical-secrets-check-action/
- Size: 184 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# GitHub Infisical secrets check Action
🚨 :octocat: A GitHub action to check and report secret leaks in the repository using [Infisical CLI](https://infisical.com/docs/cli/commands/scan).

---
## Usage
The following workflow step will scan for secret leaks in your repository.
```yml
- name: Run the action
  uses: guibranco/github-infisical-secrets-check-action@latest
  id: secrets-scan
```
---
## Inputs
- `gh_token`: The GitHub token used to add the comment to the PR via the [mshick/add-pr-comment@v2](https://github.com/mshick/add-pr-comment) GitHub Action.
---
## Outputs
- `secrets-leaked`: The number of leaked secrets found by the Infisical CLI tool.
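
Reading the `secrets-leaked` output in a later step, as an added example that is not part of the project's README. It assumes the output is a numeric string; the reporting step, its name and its messages are illustrative, and `if: always()` is used so the step runs whether or not the scan step itself fails.

```yaml
name: 'Infisical secrets check'

on:
  pull_request:

jobs:
  check-secrets:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write

    steps:
      - uses: actions/checkout@v4

      - name: Run the action
        id: secrets-scan   # the id is what makes the step's outputs addressable
        uses: guibranco/github-infisical-secrets-check-action@latest

      # Illustrative step (assumption, not from the README): write the count
      # to the job summary and fail explicitly when it is non-zero.
      - name: Report leaked secrets count
        if: always()
        env:
          # Pass the output through env instead of interpolating it into the script.
          LEAKED: ${{ steps.secrets-scan.outputs.secrets-leaked }}
        run: |
          echo "Leaked secrets found: ${LEAKED:-unknown}" >> "$GITHUB_STEP_SUMMARY"
          if [ -n "$LEAKED" ] && [ "$LEAKED" != "0" ]; then
            echo "::error::Infisical scan reported $LEAKED leaked secret(s)"
            exit 1
          fi
```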
---
## Example
### With default (inherited) GitHub token
```yml
name: 'Infisical secrets check'

on:
  pull_request:

jobs:
  check-secrets:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write

    steps:
      - uses: actions/checkout@v4
      - name: Run the action
        uses: guibranco/github-infisical-secrets-check-action@latest
```
### With a custom GitHub token
```yml
name: 'Infisical secrets check'

on:
  pull_request:

jobs:
  check-secrets:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write

    steps:
      - uses: actions/checkout@v4
      - name: Run the action
        uses: guibranco/github-infisical-secrets-check-action@latest
        with:
          gh_token: ${{ secrets.GH_TOKEN }}
```
Remember to add the repository secret `GH_TOKEN`.

---
## Sample output
### Success - ✅ No secrets leaked

### Failure - 🚨 Secrets leaked!
